Nov 15, 2007

Google Disaster Recovery

I went in to work this morning and habitually logged on to Google Reader to catch up on all the different websites I like to get updates from (my shared feed on the right hand side of this blog will tell you how varied those sites are!) Then on my lifehacker.com feed subscription, I read this post. And it scared the bejeezus out of me.

A long time ago I used to have a Yahoo ID that was pretty much my primary. These were the pre-Google days, and email was what I mostly used it for. Inane email, with no credit card information or anything at stake (I was but a student in high school). Then one day it went kaput. Long story short - I was severely e-burnt.

Cut to 2007, and I live (as a lot of you do) a Google-enabled life. I use Google, Reader, GMail, Maps, Picasa, Orkut, Blogger, Image Search, News, YouTube, Checkout, Documents... heck, even my BlackBerry is wired to get GMail, News, and Maps. Not to mention the oodles of sites that I have subscribed to using GMail as my primary contact ID. My Google ID is as important to me as my SSN! What if I lost the password or, GASP! Someone stole it? I'll attempt here to write up a Google Disaster Prevention/ Recovery plan of my own, drawing inspiration from Lifehacker...

Google Disaster Prevention Plan

Be Security Conscious...

  • Never use a public computer you don't trust to log on with your Google account; use only a computer that you know won't have trojans/spyware on it.

  • Invest in a good anti-virus/anti-spyware bundle (I do).

  • Set a password for your Windows profile. Don't use the administrator account regardless of what OS you use.

  • Keep Windows Update on, and regularly download updates... (I do).

  • Don't download/ install suspicious software - in general don't download executables unless you absolutely have to.

  • Don't fall for the old 'I can check your email for you' or 'I need your password for...' routines - social engineering is the easiest method for ID theft. Mistrust anyone who asks such questions.

  • Set a good password - at least 13 letters, numbers, special characters. Easy to remember and meaningless. Change it often.

  • I follow the additional practice of having a set of 4 - 5 passwords. One for all email. One for each ecommerce site I use. One for all miscellaneous memberships etc. (Google makes this impossible because of the single sign-on to its multitude of services).

  • Don't store your passwords in a text file somewhere on your machine (or on the web). If you must, keep them in encoded form, or in a password protected zip archive or Word document. Best policy is to not write them down at all.

  • Configure a secondary email ID on Google in case you simply lose the password sometime and want to use the 'Forgot password' feature. Make sure this is an account that will remain active, and which you won't use for trivial purposes. (Your work ID is best for this, but remember to change it should your employment change!)

I could write a lot more here, but these are the absolute must-follow practices I could think of. As Mad-Eye Moody would say: CONSTANT VIGILANCE!!!

Don't be stupid (it's easier than you think) and use protection. (That works fine for avoiding HIV too. :D)

Damage Inventory

OK, so the worst has happened. You tried to log in to GMail and realized your account has been stolen/deactivated. What do you do?

First inventory your losses... You don't have the time to howl about losing your favorite gonzo color scheme on iGoogle or your favorite subscriptions and layout in News and Reader. We are talking potential killer, material losses here. Off the top of my head, these are:

  1. GMail: Loads of personal email, contact information, membership information (for other sites you joined using your GMail ID), chat archives etc - perhaps the biggest punch. With virtually unlimited storage, we could be talking about years' worth of data.

  2. Blogger: You've effectively lost your blog(s). Anyone could post crap there with you to blame.

  3. Orkut: Your social network could be used to malicious ends. "You" could end up sending hurtful, fraudulent, or malicious messages, scraps, etc.

  4. Picasa: Photograph collections. Someone evil has access to all your personal albums.

  5. Google Checkout: Your credit card information has been compromised, as is any purchase history at e-merchants.

  6. YouTube: You've lost your personal video archive, same as photos.

  7. Documents: You've lost any Documents and Spreadsheets and Presentations you had. Some may have been confidential.

Google Disaster Recovery Plan

Part 1: Disaster Management

Contact Google... go through whatever identity verification they ask, and get the account disabled.

Part 2: Disaster Mitigation by Application

And here is my application-wise mitigation/ recovery plan:

  1. GMail: GMail supports both POP3 and IMAP for offline synchronization with your favorite mail client. I recommend IMAP, and you can use any client at all (Outlook Express, MS Outlook, Windows Mail, iCal, Thunderbird, and a thousand such free programs) so long as you use it on a safe machine to create offline backups of all your mail, chat archives etc. Using a setting like 'Don't keep copy on server' is advisable if you also take regular hard disk backups on this machine.

  2. Blogger: No way to recover the blog, but if you suspect your ID has been stolen, flag it immediately using the 'Flag' button shown in the ribbon on top, and get it offline.

  3. Orkut: Use the contact information you have offline to send a mail notifying everyone (from another ID of course :D) to report your profile on Orkut as suspect. It will be taken offline/ deleted.

  4. Picasa: If you were using Picasa (the client software) to upload some public albums, no real worries. Your photos are still on your hard drive. Just don't leave nude photos of yourself in a private album - that is a bad idea in general :D

  5. Google Checkout: Your credit card information has been compromised, as is any purchase history at e-merchants. It is a horrible idea to click the tempting 'Remember my credit card information for future purchases' option at any merchant, Google Checkout being no exception. When e-shopping, while it may be painful, enter the card information each time, and don't store it online. Just in case you had anyway, contact your bank before you contact Google, and get the credit/ debit cards deactivated, and see if you can get your bank account number changed.

  6. YouTube: You've lost your personal video archive, same as photos. Now try and recollect if you had pulled a Paris Hilton and left a sex video online sometime in the past :D

  7. Documents: It is a bad idea to have documents that have no offline backup. You can use something like Google Gears to save your docs offline/ synchronize them regularly.
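
The IMAP backup from item 1 above, as an added example (not code from the original post): it copies every message read-only into a local mbox file and skips those already saved on a previous run. The folder name `[Gmail]/All Mail`, the output file name and the function name are assumptions of this example.

```python
import email
import getpass
import imaplib
import mailbox
import ssl

HOST = "imap.gmail.com"        # Gmail's IMAP-over-TLS endpoint, port 993
FOLDER = '"[Gmail]/All Mail"'  # assumption: English-locale folder name

def backup_mailbox(conn, folder, mbox_path):
    """Copy messages not yet in the local mbox; return how many were added."""
    # conn: an authenticated imaplib.IMAP4_SSL (or compatible) object.
    box = mailbox.mbox(mbox_path)
    try:
        # Message-IDs already on disk, so a re-run only fetches what is new.
        seen = {m["Message-ID"] for m in box if m["Message-ID"]}
        # readonly=True: a backup must never change flags on the server.
        typ, _ = conn.select(folder, readonly=True)
        if typ != "OK":
            raise RuntimeError(f"cannot select {folder}")
        typ, data = conn.uid("SEARCH", "ALL")
        added = 0
        for uid in data[0].split():
            # BODY.PEEK[] returns the whole message without marking it read.
            typ, parts = conn.uid("FETCH", uid, "(BODY.PEEK[])")
            if typ != "OK" or not parts or not isinstance(parts[0], tuple):
                continue  # message vanished or reply malformed: skip it
            msg = email.message_from_bytes(parts[0][1])
            mid = msg["Message-ID"]
            if mid in seen:
                continue
            box.add(msg)
            if mid:
                seen.add(mid)
            added += 1
        return added
    finally:
        box.close()  # flushes pending messages to disk

if __name__ == "__main__":
    user = input("Gmail address: ")
    # create_default_context() turns on certificate and hostname checks.
    conn = imaplib.IMAP4_SSL(HOST, ssl_context=ssl.create_default_context())
    # Which credential Gmail accepts here depends on the account's settings.
    conn.login(user, getpass.getpass("Password: "))
    print(backup_mailbox(conn, FOLDER, "gmail-backup.mbox"), "new messages saved")
    conn.logout()
```

Run it from a machine you trust and include the resulting mbox file in your regular disk backups.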

So anyway... that is my personal plan, which I belted out as fast as I could type.

I need not tell you just how scary/ frustrating losing your Google Account can be. I know of at least two regular readers who can testify to that experience in the comments!

And now to go and implement the sane common sense advice I am so good at dishing out but bad at following.

Excuse me...

3 comments:

Anonymous said...

You made me act!

Geetika said...

sigh...you know what happened with my a/c :((

Alex said...
This comment has been removed by a blog administrator.